Supported operating systems
The software has been tested by the developers only under 'Debian unstable' Linux operating system. If you have questions or you open a ticket for a problem related to running OpenXCAP on a different Linux distribution it is likely that you will not get help. If you do however manage to run the server on a different distribution and would like to share your experience with others, please send us information via the ticketing system so that we can publish it on this web site for the benefit of other users.
Multiple realms
If you run an OpenXCAP server for multiple domains you must inform the server under which domain you want to be authenticated otherwise the authentication will be performed under the default realm defined in the server configuration. The IETF has specified a special host name for the xcap server (xcap.example.com) in order to detect the domain name. In the real-world, for a multi domain environment it is likely that the same server using the same hostname will serve xcap documents for subscribers under multiple domains. Following the IETF recommandation, when using TLS one should purchase certificates for each domain it serves and should have in DNS for each domain it hosts an A record for the XCAP server address, which is not efficient.
We have solved this problem in the following way.
If the client is using user@domain notation in the XCAP URLs, OpenXCAP it will work out of the box. We have noticed however that this functionality is not always available in today's clients. To fix the problem so that the server works for for any client you must indicate in the client xcap-root url URL the domain your belong to as follows:
https://xcap.example.com/xcap-root@example.com/
OpenSER integration issues
- The rpc management interface exposed by OpenSER needs to be protected by iptables or other methods otherwise is reachable from the network - The mi_xmlrpc seem to freeze with no reason after awhile, a restart of the proxy is necessary, next version will use the datagram interface which seem to be more stable
Avoid using the above and use openser-mi-proxy package, it provides both access list and stable control interface.
